Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SLA-16.MasterIndex.txt

🗓️ 11 Oct 2000 00:00:00Reported by synnergyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Master Index has a directory traversal vulnerability allowing remote file access on Linux/UNIX systems.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
` Synnergy Laboratories Advisory SLA-2000-16  
  
NAME  
  
Master Index directory traversal vulnerability  
  
AFFECTED  
  
Linux/UNIX with Master Index  
  
SYNOPSIS  
  
Synnergy Labs has found a flaw within Master Index that allows a user to successfully  
traverse the filesystem on a remote host, allowing arbitary files/folders to be  
read.  
  
  
DESCRIPTION  
  
Master Index is a professional search engine such as Yahoo and Alta Vista.  
This search engine supports loads of features. Admins can set script to automatically  
add submissions or wait until confirmed by the admin, users can edit and delete their  
listings, admins can add/edit/delete categories and sub-categories, and supports  
unlimited listings. Product pricing is $199.95 US  
  
Master Index can be found at:http://www.armadastyle.com/masterindex.html  
  
Synnergy has recently discovered a flaw within Master Index that allows a remote user  
to traverse the filesystem as a request to the script using the  
$catigory=_some_dir_variable. It is then possible to read any file or folder's contents  
with priviledges as the httpd.  
  
Example:  
  
http://www.target.com/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc  
  
The above line if given will output all the directories and the file contents, that are  
nested within /etc directory. Other more sinister content can be revealed from there.  
  
Due to the commercial license of the product we where unable to check the code for the  
exact bug, or even for the discovery of more bugs.  
  
  
SOLUTION  
  
The vendors have been informed of the bug. It is advised to wait for the next patched  
version of Master Index to be released.  
  
  
AUTHOR  
  
Discovery: pestilence @ synnergy.net  
  
  
DISCLAIMER  
  
Synnergy Laboratories may not be held liable for the use or potential  
effects of these programs or advisories, nor the content contained  
within. Use them at your own risk.  
  
COPYRIGHT  
  
Synnergy Laboratories - www.synnergy.net (c) 1998-2000  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Oct 2000 00:00Current
7.4High risk
Vulners AI Score7.4
master indexdirectory traversallinuxunixfilesystem accesssecurity flawremote usersolution.
29
.json
Report